


This webcast has been archived. To view the webcast, log in to your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Who Owns ICS Security? Fusing IT, OT, & IIoT Security in the Corporate SOC.

  • Thursday, December 14, 2017 at 1:00 PM EST (2017-12-14 18:00:00 UTC)
  • Phil Neray, Doug Wylie


  • CyberX




When targeted ICS attacks and malware impact production operations, everyone in the organization is affected. Downtime leads to customer dissatisfaction, reduced revenue, quarterly losses due to clean-up costs, fewer career opportunities from slower growth, and more.

ICS security has historically operated in its own silo. With its unique priorities (Safety and Availability vs. Confidentiality, etc.), lack of visibility into non-IT devices and protocols, and the notion of air-gapping, this seemed like the optimum approach.

But the world has changed dramatically. IIoT technology brings many benefits to businesses such as smart machines and real-time intelligence from the factory floor - but it also increases the attack surface and requires continuous connectivity between IT and OT.

Attackers look for the weakest links - and don't care if they pivot from a control engineer's PC on the corporate IT network, an HMI maintained by a third-party vendor whose credentials have been compromised, or a vulnerable CCTV device operated by the physical security team.

In this educational webinar led by Doug Wylie, SANS Director of the Industrials & Infrastructure practice area and previously Director of Product Security and Risk Management at Rockwell Automation, with Phil Neray, VP of Industrial Cybersecurity at CyberX, we'll explore the following questions:

  • Blending IT, OT and IIoT Security in the Corporate SOC: Given the massive investment organizations have already made in centralized SOCs - in trained personnel, standardized workflows, and unifying technologies such as SIEMs - is it time to bring ICS security into the corporate SOC?
  • Addressing the culture gap: How do we encourage tighter collaboration between IT security and OT teams?
  • Funding models: Who pays for stronger ICS security?
  • New technologies for Active Cyber Defense: With varying degrees of maturity, purpose-built OT security platforms now provide unprecedented visibility into ICS protocols, devices, and applications, combined with OT-specific analytics for behavioral anomaly detection. So how do we move beyond simple Syslog alerts to provide deeper visibility for SOC analysts - so they can leverage their skills in modern active cyber defense strategies such as threat modeling, threat hunting, and threat intelligence?

Speaker Bios

Doug Wylie

Doug Wylie directs the SANS Industrials and Infrastructure business portfolio, helping companies fulfill business objectives to manage security risks and develop a security-effective workforce. His lengthy career spans a wide array of industries. He served as Rockwell Automation's director of product security risk management, where he founded and led its industrial cybersecurity and risk management program. Doug works around the world with companies, industry and standards bodies, and government entities to help safeguard converged IT-OT systems from contemporary cybersecurity threats. He holds the CISSP certification and numerous patents, as well as being an accomplished writer, speaker and presenter.

Phil Neray

Phil Neray is Director of Azure IoT & Industrial Cybersecurity at Microsoft. He joined Microsoft after its acquisition of CyberX, a leader in agentless security and behavioral analytics for industrial and critical infrastructure networks. Prior to CyberX, Phil held executive roles at IBM Security/Q1 Labs, Symantec, Veracode, and Guardium. Phil began his career as an engineer with Hydro-Quebec and as a Schlumberger engineer on oil rigs in South America. He has a BSEE from McGill University, is certified in cloud security (CCSK), and has a First-Degree Black Belt in American Jiu Jitsu.
